listing-stale-branches

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). Yes — the optional Remote Analysis (Step 6) runs git fetch --prune and then reads/list remote refs (git branch -r, git for-each-ref on refs/remotes/$remote/) and commit metadata, which ingests and displays potentially untrusted, user-generated branch names and commit messages from third‑party remotes.